The CPU manufacturer Intel has rolled out microcode updates for various desktop, server, and mobile processors to address a security vulnerability registered as CVE-2023-23583, classified with a high severity level. As per the manufacturer’s security advisory, this vulnerability potentially allows authenticated attackers with local access to escalate privileges, steal information, and execute DoS attacks.
Intel itself refers to the security flaw as the “Redundant Prefix Issue.” In a separate report, the CPU manufacturer explains that they have identified instances where the execution of an instruction (REP MOVSB) encoded with a redundant REX prefix could lead to unpredictable system behavior under specific microarchitectural conditions. The consequences could include potential system crashes and, in “a few scenarios,” privilege escalation.
Reportedly, Intel has already released updated microcode for some affected processors before November 2023, aiming to fix the vulnerability. These include processors based on the Alder Lake, Raptor Lake, and Sapphire Rapids microarchitectures. Updates for other CPUs are expected to follow. Intel’s report details which models have a patch available. Allegedly, the manufacturer has not observed any impact on system performance due to these updates.
Typically, end-users do not need to manually install these microcode updates. Intel recommends ensuring that their BIOS, operating system, and all drivers are up to date. However, the manufacturer intends to provide the microcode through a repository, allowing administrators to download it as needed and update their systems.
Google researchers have dubbed the vulnerability “Reptar.”
Multiple Google security researchers seemingly discovered the vulnerability independently. Google researcher Tavis Ormandy published a detailed report and named the security flaw “Reptar.”
According to Google Cloud’s CISO, Phil Venables, the vulnerability seems to relate to how CPUs interpret redundant prefixes. Venables explains, “When you use a prefix that doesn’t make sense or conflicts with other prefixes, we consider those as redundant.” Typically, redundant prefixes are disregarded, but due to Reptar, they seemingly lead to security issues.
“The impact of this security vulnerability becomes apparent when exploited by an attacker in a virtualized environment with multiple tenants, as an attack on a guest computer crashes the host computer, resulting in a denial of service for other guest computers on the same host,” stated the Google Cloud CISO. Reptar also enables privilege escalation and data theft.
READ MORE: Google’s WhatsApp Backup Change: Impact on Android Users’ Storage Allocations Revealed
